Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prevent injection of invalid entity ids for "autocomplete" fields in symfony ux-autocomplete
Vulnerability Description
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Symfony UX Autocomplete 输入验证错误漏洞
Vulnerability Description
Symfony UX Autocomplete是Symfony开源的一个 Symfony 的 JavaScript 自动完成功能。 Symfony UX Autocomplete 2.11.2之前版本存在输入验证错误漏洞。攻击者利用该漏洞可以成功提交无效的实体ID。
CVSS Information
N/A
Vulnerability Type
N/A